I don't know why but this option is not working.
request_body_max_size <- restriction for max upload is working well,
but reply_body_max_size <- restriciton for max download is not working.
Why ?
Here is my config file:# TAG: request_body_max_size (KB)
# This specifies the maximum size for an HTTP request body.
# In other words, the maximum size of a PUT/POST request.
# A user who attempts to send a request with a body larger
# than this limit receives an "Invalid Request" error message.
# If you set this parameter to a zero (the default), there will
# be no limit imposed.
#
#Default:
# request_body_max_size 0 KB
request_body_max_size 3 MB
---------------------------------------------------------------------
#Recommended minimum configuration:
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563 444
acl Safe_ports port 80 # http
#acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
#acl Safe_ports port 70 # gopher
#acl Safe_ports port 210 # wais
#acl Safe_ports port 1025-65535 # unregistered ports
#acl Safe_ports port 280 # http-mgmt
#acl Safe_ports port 488 # gss-http
#acl Safe_ports port 591 # filemaker
#acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
#-------------Conectiuni maxime per IP-------------
#acl maxcon maxconn 3
#------------Upload max---------------
#request_body_max_size 3 MB <- The option is set higher
#-----------Download max--------------
#reply_body_max_size 2100000 allow all <- The option is set lower
#----------Restrict Download max 2 Mb exception symantec.com--------
acl allow_dl_from dstdomain symantec.com
#-------------Extensii interzise video-audio-exec-------------
acl music-video urlpath_regex -i "/etc/squid/deny/ext.block"
#------------Banner-Reklama-Advertise------------
acl BANNER url_regex banner reclama linkexch banpics us\.yimg\.com[\./]ad[s]?[\./]
#--------Site-uri games-porno-music-other-spyware-chat-------------
acl porno url_regex -i "/etc/squid/deny/porn.block"
acl games url_regex -i "/etc/squid/deny/games.block"
acl multimedia url_regex -i "/etc/squid/deny/multimedia.block"
acl other url_regex -i "/etc/squid/deny/other.block"
acl adv url_regex -i "/etc/squid/deny/banner.block"
#--------------Reteaua 145------------------
acl 145a src "/etc/squid/allow/145a.allow"
acl 145b src "/etc/squid/allow/145b.allow"
acl 145c src 192.168.41.200/32
#-----------------------Restrictions-----------------------
#---Restrictie ptr extensii interzise---
http_access deny music-video
deny_info ERR_ACCESS_DENIED_EXT music-video
#---Restrictie ptr bannere---
http_access deny BANNER
deny_info ERR_ACCESS_DENIED_NOBANNER BANNER
#---Restrictie ptr site-uri cu jocuri---
http_access deny games
#---Restrictie ptr site-uri porno---
http_access deny porno
deny_info ERR_ACCESS_DENIED_NOPORNO porno
#---Restrictie ptr site-uri audio-video---
http_access deny multimedia
deny_info ERR_ACCESS_DENIED_MULTIMEDIA multimedia
#---Restrictie ptr orice altceva ce nu se include---
http_access deny other
#---Restriction for banre-reklama-advertise---
http_access deny adv
deny_info ERR_ACCESS_DENIED_NOBANNER adv
#---Access ptr toti in afara de sala 145---
http_access deny all !145a !145b !145c !localhost
------------------------------------------------------------------------------
# TAG: reply_body_max_size bytes allow|deny acl acl...
# This option specifies the maximum size of a reply body. It
# can be used to prevent users from downloading very large files,
# such as MP3's and movies. When the reply headers are recieved,
# the reply_body_max_size lines are processed, and the first line with
# a result of "allow" is used as the maximum body size for this reply.
# This size is then checked twice. First when we get the reply headers,
# we check the content-length value. If the content length value exists
# and is larger than the allowed size, the request is denied and the
# user receives an error message that says "the request or reply
# is too large." If there is no content-length, and the reply
# size exceeds this limit, the client's connection is just closed
# and they will receive a partial reply.
#
# WARNING: downstream caches probably can not detect a partial reply
# if there is no content-length header, so they will cache
# partial responses and give them out as hits. You should NOT
# use this option if you have downstream caches.
#
# WARNING: A maximum size larger than the size of squid's error messages
# will cause an infinite loop and crash squid. Ensure that the smallest
# non-zero value you use is greater that the maximum header size plus
# the size of your largest error page.
#
# If you set this parameter to zero (the default), there will be
# no limit imposed.
#
#Default:
# reply_body_max_size 0 allow all
reply_body_max_size 0 allow allow_dl_from
reply_body_max_size 21000000 allow all <---------- max download 2.1 Mb